| Risk Level | Number of Alerts |
|---|---|
| High | 1 |
| Medium | 2 |
| Low | 0 |
| Informational | 4 |

| Name | Risk Level | Number of Instances |
|---|---|---|
| Cloud Metadata Potentially Exposed | High | 1 |
| Absence of Anti-CSRF Tokens | Medium | 1338 |
| CSP: Wildcard Directive | Medium | 1382 |
| Authentication Request Identified | Informational | 2 |
| Information Disclosure - Sensitive Information in URL | Informational | 39 |
| User Agent Fuzzer | Informational | 12 |
| User Controllable HTML Element Attribute (Potential XSS) | Informational | 4134 |

| High | Cloud Metadata Potentially Exposed |
|---|---|
| Description | The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure. All of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field. |
| URL | http://localhost:3000/latest/meta-data/ |
| Method | GET |
| Parameter | |
| Attack | 169.254.169.254 |
| Evidence | |
| Other Info | Based on the successful response status code cloud metadata may have been returned in the response. Check the response data to see if any cloud metadata has been returned. The meta data returned can include information that would allow an attacker to completely compromise the system. |
| Instances | 1 |
| Solution | Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker. |
| Reference | https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/ |
| CWE Id | |
| WASC Id | |
| Plugin Id | 90034 |

| Medium | Absence of Anti-CSRF Tokens |
|---|---|
| Description |
No Anti-CSRF tokens were found in an HTML submission form.
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
CSRF attacks are effective in a number of situations, including:
* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.
CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
|
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/acsrf/other/genForm/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "actionUrl" "apikey" "button" "hrefId" ]. |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "actionUrl" "apikey" "button" "hrefId" ]. |
| URL | http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/acsrf/view/optionTokensNames/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "regex" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "regex" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attributeName" "attributeValue" "button" "contextName" "description" "element" "enabled" "text" "xpath" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attributeName" "attributeValue" "button" "contextName" "description" "element" "enabled" "text" "xpath" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attributeName" "attributeValue" "button" "contextName" "description" "descriptionNew" "element" "enabled" "text" "xpath" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attributeName" "attributeValue" "button" "contextName" "description" "descriptionNew" "element" "enabled" "text" "xpath" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "description" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "description" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "inScope" "subtreeOnly" "url" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "inScope" "subtreeOnly" "url" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "subtreeOnly" "url" "userName" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "subtreeOnly" "url" "userName" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "regex" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "regex" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/stop/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/allowedResources/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/fullResults/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/numberOfResults/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionEventWait/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/status/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alert/action/addAlert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "button" "confidenceId" "cweId" "description" "evidence" "messageId" "name" "otherInfo" "param" "references" "riskId" "solution" "wascId" ]. |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "button" "confidenceId" "cweId" "description" "evidence" "messageId" "name" "otherInfo" "param" "references" "riskId" "solution" "wascId" ]. |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "contextName" "riskId" ]. |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "contextName" "riskId" ]. |
| URL | http://localhost:3000/UI/alert/action/deleteAllAlerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alert/action/updateAlert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "button" "confidenceId" "cweId" "description" "evidence" "id" "name" "otherInfo" "param" "references" "riskId" "solution" "wascId" ]. |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "button" "confidenceId" "cweId" "description" "evidence" "id" "name" "otherInfo" "param" "references" "riskId" "solution" "wascId" ]. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "confidenceId" "ids" ]. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "confidenceId" "ids" ]. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "riskId" ]. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "riskId" ]. |
| URL | http://localhost:3000/UI/alert/view/alert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "recurse" "url" ]. |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "recurse" "url" ]. |
| URL | http://localhost:3000/UI/alert/view/alerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "contextName" "count" "riskId" "start" ]. |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "contextName" "count" "riskId" "start" ]. |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "recurse" "url" ]. |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "recurse" "url" ]. |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "riskId" ]. |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "riskId" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "contextId" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "contextId" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/applyAll/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/applyContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/applyGlobal/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "contextId" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "contextId" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attack" "attackIsRegex" "button" "enabled" "evidence" "evidenceIsRegex" "methods" "newLevel" "parameter" "parameterIsRegex" "ruleId" "url" "urlIsRegex" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/testAll/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/testContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/testGlobal/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "type" "url" ]. |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "type" "url" ]. |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "attackStrength" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "attackStrength" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/clearExcludedFromScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "path" ]. |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "path" ]. |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" "name" "type" "url" ]. |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" "name" "type" "url" ]. |
| URL | http://localhost:3000/UI/ascan/action/pause/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/pauseAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/resume/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/resumeAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/scan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "inScopeOnly" "method" "postData" "recurse" "scanPolicyName" "url" ]. |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "inScopeOnly" "method" "postData" "recurse" "scanPolicyName" "url" ]. |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "method" "postData" "recurse" "scanPolicyName" "url" "userId" ]. |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "method" "postData" "recurse" "scanPolicyName" "url" "userId" ]. |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attackStrength" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attackStrength" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attackStrength" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "attackStrength" "button" "id" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" "scannerId" ]. |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" "scannerId" ]. |
| URL | http://localhost:3000/UI/ascan/action/stop/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/action/stopAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "attackStrength" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "attackStrength" "button" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/view/attackModeQueue/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/excludedFromScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/excludedParams/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/excludedParamTypes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionAddQueryParam/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionAttackPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionDefaultPolicy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionDelayInMs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionExcludedParamList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionHostPerScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxResultsToList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScansInUI/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionThreadPerHost/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/policies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "policyId" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "policyId" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/view/scanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "policyId" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "policyId" "scanPolicyName" ]. |
| URL | http://localhost:3000/UI/ascan/view/scanPolicyNames/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/view/scans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ascan/view/status/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authMethodConfigParams" "authMethodName" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authMethodConfigParams" "authMethodName" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "loggedInIndicatorRegex" ]. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "loggedInIndicatorRegex" ]. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "loggedOutIndicatorRegex" ]. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "loggedOutIndicatorRegex" ]. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authMethodName" "button" ]. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authMethodName" "button" ]. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "bodyRegex" "button" "contextId" "headerRegex" "logicalOperator" "statusCode" ]. |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "bodyRegex" "button" "contextId" "headerRegex" "logicalOperator" "statusCode" ]. |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/automation/action/endDelayJob/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/automation/action/runPlan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/automation/view/planProgress/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "planId" ]. |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "planId" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/installedAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/isLatestVersion/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/latestVersionNumber/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/localAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/marketplaceAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/newAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/updatedAddons/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ignorecase" "inverse" "location" "match" "string" ]. |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ignorecase" "inverse" "location" "match" "string" ]. |
| URL | http://localhost:3000/UI/break/action/break/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scope" "state" "type" ]. |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scope" "state" "type" ]. |
| URL | http://localhost:3000/UI/break/action/continue/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/action/continue/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/action/drop/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/action/drop/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ignorecase" "inverse" "location" "match" "string" ]. |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ignorecase" "inverse" "location" "match" "string" ]. |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "httpBody" "httpHeader" ]. |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "httpBody" "httpHeader" ]. |
| URL | http://localhost:3000/UI/break/action/step/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/action/step/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keepalive" "poll" ]. |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keepalive" "poll" ]. |
| URL | http://localhost:3000/UI/break/view/httpMessage/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/view/isBreakAll/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/view/isBreakRequest/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/view/isBreakResponse/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "technologyNames" ]. |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "technologyNames" ]. |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "regex" ]. |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "regex" ]. |
| URL | http://localhost:3000/UI/context/action/exportContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextFile" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextFile" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/importContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextFile" ]. |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextFile" ]. |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "technologyNames" ]. |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "technologyNames" ]. |
| URL | http://localhost:3000/UI/context/action/includeInContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "regex" ]. |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "regex" ]. |
| URL | http://localhost:3000/UI/context/action/newContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/removeContext/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "checkingStrategy" "contextName" "pollData" "pollFrequency" "pollFrequencyUnits" "pollHeaders" "pollUrl" ]. |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "checkingStrategy" "contextName" "pollData" "pollFrequency" "pollFrequencyUnits" "pollHeaders" "pollUrl" ]. |
| URL | http://localhost:3000/UI/context/action/setContextInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "booleanInScope" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "booleanInScope" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "excRegexs" "incRegexs" ]. |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "excRegexs" "incRegexs" ]. |
| URL | http://localhost:3000/UI/context/view/context/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/contextList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/includeRegexs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/technologyList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/context/view/urls/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" ]. |
| URL | http://localhost:3000/UI/core/action/accessUrl/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "url" ]. |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "url" ]. |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/core/action/clearExcludedFromProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/createSbomZip/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/core/action/deleteAlert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/action/deleteAllAlerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "method" "postData" "url" ]. |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "method" "postData" "url" ]. |
| URL | http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/disableClientCertificate/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" "index" "password" ]. |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" "index" "password" ]. |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/core/action/generateRootCA/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/loadSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" ]. |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" ]. |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/core/action/newSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "overwrite" ]. |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "overwrite" ]. |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" ]. |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" ]. |
| URL | http://localhost:3000/UI/core/action/runGarbageCollection/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/saveSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "overwrite" ]. |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "overwrite" ]. |
| URL | http://localhost:3000/UI/core/action/sendRequest/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "request" ]. |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "request" ]. |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "dir" ]. |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "dir" ]. |
| URL | http://localhost:3000/UI/core/action/setMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "mode" ]. |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "mode" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "numberOfInstances" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "numberOfInstances" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/core/action/shutdown/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/action/snapshotSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "overwrite" ]. |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" "overwrite" ]. |
| URL | http://localhost:3000/UI/core/other/fileDownload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "fileName" ]. |
| URL | http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "fileName" ]. |
| URL | http://localhost:3000/UI/core/other/fileUpload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override" enctype="multipart/form-data"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "fileContents" "fileName" ]. |
| URL | http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override" enctype="multipart/form-data"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "fileContents" "fileName" ]. |
| URL | http://localhost:3000/UI/core/other/htmlreport/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/htmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/jsonreport/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/jsonreport/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/mdreport/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/mdreport/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/messageHar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/other/messagesHar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/core/other/messagesHarById/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/core/other/proxy.pac/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/rootcert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/rootcert/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "request" ]. |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "request" ]. |
| URL | http://localhost:3000/UI/core/other/setproxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "proxy" ]. |
| URL | http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "proxy" ]. |
| URL | http://localhost:3000/UI/core/other/xmlreport/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/other/xmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/alert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/view/alerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "riskId" "start" ]. |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "riskId" "start" ]. |
| URL | http://localhost:3000/UI/core/view/alertsSummary/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/core/view/childNodes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "url" ]. |
| URL | http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "url" ]. |
| URL | http://localhost:3000/UI/core/view/excludedFromProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/homeDirectory/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/hosts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/message/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/core/view/messages/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/core/view/messagesById/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/core/view/mode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/mode/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "riskId" ]. |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "riskId" ]. |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionDefaultUserAgent/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionHttpState/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionHttpStateEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionMaximumAlertInstances/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainName/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPassword/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPort/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPrompt/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainRealm/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainSkipName/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainUserName/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomains/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionTimeoutInSecs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChain/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChainAuth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionUseSocksProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/proxyChainExcludedDomains/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/sessionLocation/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/sites/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/urls/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" ]. |
| URL | http://localhost:3000/UI/core/view/version/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/version/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/zapHomePath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/exim/action/importHar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/action/importUrls/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/exim/other/exportHar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "start" ]. |
| URL | http://localhost:3000/UI/exim/other/exportHarById/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "request" ]. |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "followRedirects" "request" ]. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "boolean" "button" ]. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "boolean" "button" ]. |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/action/importFile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endurl" "file" ]. |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endurl" "file" ]. |
| URL | http://localhost:3000/UI/graphql/action/importUrl/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endurl" "url" ]. |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endurl" "url" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionArgsType/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionQuerySplitType/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionRequestMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "tokenEnabled" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "tokenEnabled" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "newSessionName" "oldSessionName" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "newSessionName" "oldSessionName" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "tokenEnabled" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "sessionToken" "tokenEnabled" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "sessionToken" "site" "tokenValue" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "sessionToken" "site" "tokenValue" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "session" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/sites/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/log/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "record" ]. |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "record" ]. |
| URL | http://localhost:3000/UI/hud/action/recordRequest/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "body" "button" "header" ]. |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "body" "button" "header" ]. |
| URL | http://localhost:3000/UI/hud/action/resetTutorialTasks/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/hud/action/setUiOption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" "value" ]. |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" "value" ]. |
| URL | http://localhost:3000/UI/hud/other/changesInHtml/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/other/changesInHtml/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/getUiOption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" ]. |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" ]. |
| URL | http://localhost:3000/UI/hud/view/heartbeat/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/hudAlertData/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "url" ]. |
| URL | http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "url" ]. |
| URL | http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionBaseDirectory/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionDevelopmentMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDaemon/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDesktop/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnableTelemetry/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionInScopeOnly/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionRemoveCSP/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialHost/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialPort/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTasksDone/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTestMode/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialUpdates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/tutorialUpdates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/upgradedDomains/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "incUnset" ]. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "incUnset" ]. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "incUnset" ]. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "incUnset" ]. |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "alwaysDecodeZip" "apikey" "behindNat" "button" "port" "removeUnsupportedEncodings" ]. |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "alwaysDecodeZip" "apikey" "behindNat" "button" "port" "removeUnsupportedEncodings" ]. |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "apikey" "button" "port" ]. |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "apikey" "button" "port" ]. |
| URL | http://localhost:3000/UI/localProxies/view/additionalProxies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/action/addAlias/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "name" ]. |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "name" ]. |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "host" ]. |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "host" ]. |
| URL | http://localhost:3000/UI/network/action/addLocalServer/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "api" "apikey" "behindNat" "button" "decodeResponse" "port" "proxy" "removeAcceptEncoding" ]. |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "api" "apikey" "behindNat" "button" "decodeResponse" "port" "proxy" "removeAcceptEncoding" ]. |
| URL | http://localhost:3000/UI/network/action/addPassThrough/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authority" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authority" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" "index" "password" ]. |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" "index" "password" ]. |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" "enabled" "groupBy" "matchRegex" "matchString" "requestsPerSecond" ]. |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" "enabled" "groupBy" "matchRegex" "matchString" "requestsPerSecond" ]. |
| URL | http://localhost:3000/UI/network/action/generateRootCaCert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "filePath" ]. |
| URL | http://localhost:3000/UI/network/action/removeAlias/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" ]. |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "name" ]. |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "host" ]. |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "host" ]. |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "apikey" "button" "port" ]. |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address" "apikey" "button" "port" ]. |
| URL | http://localhost:3000/UI/network/action/removePassThrough/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authority" "button" ]. |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authority" "button" ]. |
| URL | http://localhost:3000/UI/network/action/removeRateLimitRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" ]. |
| URL | http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" ]. |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "name" ]. |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "name" ]. |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "timeout" ]. |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "timeout" ]. |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "userAgent" ]. |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "userAgent" ]. |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ttl" ]. |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ttl" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "host" "password" "port" "realm" "username" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "host" "password" "port" "realm" "username" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "host" ]. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" "host" ]. |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authority" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authority" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "validity" ]. |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "validity" ]. |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "validity" ]. |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "validity" ]. |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "host" "password" "port" "useDns" "username" "version" ]. |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "host" "password" "port" "useDns" "username" "version" ]. |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "use" ]. |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "use" ]. |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "use" ]. |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "use" ]. |
| URL | http://localhost:3000/UI/network/other/proxy.pac/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/other/rootCaCert/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/other/rootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/other/setProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "proxy" ]. |
| URL | http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "proxy" ]. |
| URL | http://localhost:3000/UI/network/view/getAliases/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getConnectionTimeout/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getDefaultUserAgent/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getHttpProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getHttpProxyExclusions/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getLocalServers/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getPassThroughs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getRateLimitRules/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getRootCaCertValidity/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getServerCertValidity/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getSocksProxy/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isSocksProxyEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isUseGlobalHttpState/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/openapi/action/importFile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "file" "target" ]. |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "file" "target" ]. |
| URL | http://localhost:3000/UI/openapi/action/importUrl/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "hostOverride" "url" ]. |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "hostOverride" "url" ]. |
| URL | http://localhost:3000/UI/params/view/params/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "site" ]. |
| URL | http://localhost:3000/UI/postman/action/importFile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endpointUrl" "file" ]. |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endpointUrl" "file" ]. |
| URL | http://localhost:3000/UI/postman/action/importUrl/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endpointUrl" "url" ]. |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "endpointUrl" "url" ]. |
| URL | http://localhost:3000/UI/pscan/action/clearQueue/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/disableAllScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/disableAllTags/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/pscan/action/enableAllScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/enableAllTags/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "ids" ]. |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "maxAlerts" ]. |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "maxAlerts" ]. |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertThreshold" "apikey" "button" "id" ]. |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "onlyInScope" ]. |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "onlyInScope" ]. |
| URL | http://localhost:3000/UI/pscan/view/currentRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/currentTasks/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/maxAlertsPerRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/recordsToScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/scanners/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/scanOnlyInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/quickstartlaunch/other/startPage/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/quickstartlaunch/other/startPage/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/replacer/action/addRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" "enabled" "initiators" "matchRegex" "matchString" "matchType" "replacement" "url" ]. |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" "enabled" "initiators" "matchRegex" "matchString" "matchType" "replacement" "url" ]. |
| URL | http://localhost:3000/UI/replacer/action/removeRule/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" ]. |
| URL | http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "description" ]. |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "bool" "button" "description" ]. |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "bool" "button" "description" ]. |
| URL | http://localhost:3000/UI/replacer/view/rules/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/reports/action/generate/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contexts" "description" "display" "includedConfidences" "includedRisks" "reportDir" "reportFileName" "reportFileNamePattern" "sections" "sites" "template" "theme" "title" ]. |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contexts" "description" "display" "includedConfidences" "includedRisks" "reportDir" "reportFileName" "reportFileNamePattern" "sections" "sites" "template" "theme" "title" ]. |
| URL | http://localhost:3000/UI/reports/view/templateDetails/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "template" ]. |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "template" ]. |
| URL | http://localhost:3000/UI/reports/view/templates/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/retest/action/retest/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertIds" "apikey" "button" ]. |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "alertIds" "apikey" "button" ]. |
| URL | http://localhost:3000/UI/reveal/action/setReveal/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "reveal" ]. |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "reveal" ]. |
| URL | http://localhost:3000/UI/reveal/view/reveal/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" ]. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" ]. |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" "value" ]. |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" "value" ]. |
| URL | http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" ]. |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "key" ]. |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVars/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/disable/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/enable/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/load/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "charset" "fileName" "scriptDescription" "scriptEngine" "scriptName" "scriptType" ]. |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "charset" "fileName" "scriptDescription" "scriptEngine" "scriptName" "scriptType" ]. |
| URL | http://localhost:3000/UI/script/action/remove/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" "varValue" ]. |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" "varValue" ]. |
| URL | http://localhost:3000/UI/script/action/setScriptVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" "varValue" ]. |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" "varValue" ]. |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/globalCustomVars/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/globalVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/globalVars/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/listEngines/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/listScripts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/listTypes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/view/scriptVar/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" "varKey" ]. |
| URL | http://localhost:3000/UI/script/view/scriptVars/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scriptName" ]. |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "baseurl" "button" "count" "regex" "start" ]. |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "argument" "browser" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "argument" "browser" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "argument" "browser" "button" ]. |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "argument" "browser" "button" ]. |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "argument" "browser" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "argument" "browser" "button" "enabled" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "browser" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "browser" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionBrowserExtensions/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeDriverPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionIeDriverPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionLastDirectory/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "methodConfigParams" "methodName" ]. |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "methodConfigParams" "methodName" ]. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "methodName" ]. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "methodName" ]. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/soap/action/importFile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "file" ]. |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "file" ]. |
| URL | http://localhost:3000/UI/soap/action/importUrl/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "url" ]. |
| URL | http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "url" ]. |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/spider/action/clearExcludedFromScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "regex" ]. |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" "isEnabled" "isRegex" "value" ]. |
| URL | http://localhost:3000/UI/spider/action/pause/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/pauseAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/removeAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" ]. |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "idx" ]. |
| URL | http://localhost:3000/UI/spider/action/removeScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/resume/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/resumeAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/scan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "maxChildren" "recurse" "subtreeOnly" "url" ]. |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextName" "maxChildren" "recurse" "subtreeOnly" "url" ]. |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "maxChildren" "recurse" "subtreeOnly" "url" "userId" ]. |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "maxChildren" "recurse" "subtreeOnly" "url" "userId" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/spider/action/stop/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/action/stopAllScans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/addedNodes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/view/allUrls/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/domainsAlwaysInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/excludedFromScan/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/fullResults/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/view/optionAcceptCookies/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionHandleParameters/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxChildren/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDepth/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDuration/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxScansInUI/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseComments/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseDsStore/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseGit/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseRobotsTxt/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseSitemapXml/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseSVNEntries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionPostForm/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionProcessForm/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionRequestWaitTime/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionSendRefererHeader/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionSkipURLString/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionThreadCount/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionUserAgent/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/results/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/view/scans/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/spider/view/status/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "scanId" ]. |
| URL | http://localhost:3000/UI/stats/action/clearStats/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" ]. |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "Boolean" "button" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "Integer" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "String" ]. |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" ]. |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" ]. |
| URL | http://localhost:3000/UI/stats/view/optionInMemoryEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdHost/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPort/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPrefix/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/stats/view/siteStats/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" "site" ]. |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" "site" ]. |
| URL | http://localhost:3000/UI/stats/view/stats/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" ]. |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "keyPrefix" ]. |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/newUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "name" ]. |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "name" ]. |
| URL | http://localhost:3000/UI/users/action/pollAsUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/removeUser/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authCredentialsConfigParams" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "authCredentialsConfigParams" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "lastPollResult" "lastPollTimeInMs" "requestsSinceLastPoll" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "lastPollResult" "lastPollTimeInMs" "requestsSinceLastPoll" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setCookie/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "domain" "name" "path" "secure" "userId" "value" ]. |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "domain" "name" "path" "secure" "userId" "value" ]. |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "enabled" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "enabled" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setUserName/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "name" "userId" ]. |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "name" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getUserById/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" "userId" ]. |
| URL | http://localhost:3000/UI/users/view/usersList/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "contextId" ]. |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "channelId" "message" "outgoing" ]. |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "channelId" "message" "outgoing" ]. |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "message" "outgoing" ]. |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "message" "outgoing" ]. |
| URL | http://localhost:3000/UI/websocket/view/breakTextMessage/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/websocket/view/channels/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" ]. |
| URL | http://localhost:3000/UI/websocket/view/message/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "channelId" "messageId" ]. |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "channelId" "messageId" ]. |
| URL | http://localhost:3000/UI/websocket/view/messages/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "channelId" "count" "payloadPreviewLength" "start" ]. |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="zapform" name="zapform" action="override"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "apikey" "button" "channelId" "count" "payloadPreviewLength" "start" ]. |
| Instances | 1338 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference |
http://projects.webappsec.org/Cross-Site-Request-Forgery
https://cwe.mitre.org/data/definitions/352.html |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 10202 |
|
Medium |
CSP: Wildcard Directive |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/OTHER/network/other/proxy.pac/?apinonce=4d9a8b33d437a1e0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/other/genForm/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/view/optionTokensNames/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/stop/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/allowedResources/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/fullResults/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/numberOfResults/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionEventWait/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/status/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/addAlert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/deleteAllAlerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/updateAlert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/applyAll/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/applyContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/applyGlobal/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/testAll/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/testContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/testGlobal/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/clearExcludedFromScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/pause/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/pauseAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/resume/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/resumeAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/scan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action. The directive(s): frame-ancestors, form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/stop/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/stopAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/attackModeQueue/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/excludedFromScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/excludedParams/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/excludedParamTypes/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionAddQueryParam/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionAttackPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionDefaultPolicy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionDelayInMs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionExcludedParamList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionHostPerScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxResultsToList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScansInUI/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionThreadPerHost/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/policies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scanPolicyNames/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/status/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authorization/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/automation/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/automation/action/endDelayJob/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/automation/action/runPlan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/automation/view/planProgress/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/installedAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/isLatestVersion/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/latestVersionNumber/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/localAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/marketplaceAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/newAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/updatedAddons/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/break/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/continue/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/continue/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/drop/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/drop/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/step/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/action/step/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/httpMessage/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/isBreakAll/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/isBreakRequest/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/isBreakResponse/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/exportContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/importContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/includeInContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/newContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/removeContext/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/setContextInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/context/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/contextList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/includeRegexs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/technologyList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/urls/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/accessUrl/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/clearExcludedFromProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/createSbomZip/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/deleteAlert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/deleteAllAlerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/disableClientCertificate/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/generateRootCA/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/loadSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/newSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/runGarbageCollection/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/saveSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/sendRequest/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/shutdown/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/snapshotSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/fileDownload/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/fileUpload/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/htmlreport/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/htmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/jsonreport/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/jsonreport/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/mdreport/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/mdreport/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/messageHar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/messagesHar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/messagesHarById/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/proxy.pac/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/rootcert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/rootcert/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/setproxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/xmlreport/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/other/xmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/alert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/alerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/alertsSummary/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/childNodes/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/excludedFromProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/homeDirectory/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/hosts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/message/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/messages/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/messagesById/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/mode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/mode/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionDefaultUserAgent/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionHttpState/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionHttpStateEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionMaximumAlertInstances/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainName/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPassword/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPort/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPrompt/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainRealm/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainSkipName/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainUserName/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomains/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionTimeoutInSecs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChain/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChainAuth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionUseSocksProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/proxyChainExcludedDomains/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/sessionLocation/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/sites/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/urls/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/version/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/version/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/zapHomePath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importHar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importUrls/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/other/exportHar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/other/exportHarById/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/importFile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/importUrl/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionArgsType/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionQuerySplitType/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionRequestMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/sites/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/log/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/recordRequest/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/resetTutorialTasks/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setUiOption/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/other/changesInHtml/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/other/changesInHtml/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/getUiOption/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/heartbeat/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/hudAlertData/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionBaseDirectory/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionDevelopmentMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDaemon/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDesktop/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnableTelemetry/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionInScopeOnly/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionRemoveCSP/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialHost/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialPort/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTasksDone/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTestMode/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialUpdates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/tutorialUpdates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/upgradedDomains/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/hudfiles/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/keyboard/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/localProxies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/localProxies/view/additionalProxies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addAlias/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addLocalServer/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addPassThrough/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/generateRootCaCert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeAlias/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removePassThrough/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeRateLimitRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/other/proxy.pac/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/other/rootCaCert/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/other/rootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/other/setProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getAliases/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getConnectionTimeout/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getDefaultUserAgent/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getHttpProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getHttpProxyExclusions/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getLocalServers/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getPassThroughs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getRateLimitRules/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getRootCaCertValidity/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getServerCertValidity/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getSocksProxy/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isSocksProxyEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isUseGlobalHttpState/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/openapi/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/openapi/action/importFile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/openapi/action/importUrl/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/params/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/params/view/params/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/postman/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/postman/action/importFile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/postman/action/importUrl/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/clearQueue/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/disableAllScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/disableAllTags/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/enableAllScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/enableAllTags/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/currentRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/currentTasks/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/maxAlertsPerRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/recordsToScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/scanners/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/scanOnlyInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/quickstartlaunch/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/quickstartlaunch/other/startPage/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/quickstartlaunch/other/startPage/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/action/addRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/action/removeRule/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/view/rules/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reports/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reports/action/generate/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reports/view/templateDetails/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reports/view/templates/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/retest/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/retest/action/retest/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reveal/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reveal/action/setReveal/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reveal/view/reveal/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVars/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/disable/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/enable/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/load/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/remove/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/setScriptVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalCustomVars/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalVars/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/listEngines/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/listScripts/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/listTypes/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptVar/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptVars/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionBrowserExtensions/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeDriverPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionIeDriverPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionLastDirectory/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/soap/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/soap/action/importFile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/soap/action/importUrl/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/clearExcludedFromScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/pause/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/pauseAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/removeAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/removeScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/resume/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/resumeAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/scan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/stop/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/stopAllScans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/addedNodes/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/allUrls/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/domainsAlwaysInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/excludedFromScan/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/fullResults/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionAcceptCookies/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionHandleParameters/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxChildren/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDepth/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDuration/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxScansInUI/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseComments/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseDsStore/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseGit/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseRobotsTxt/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseSitemapXml/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseSVNEntries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionPostForm/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionProcessForm/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionRequestWaitTime/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionSendRefererHeader/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionSkipURLString/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionThreadCount/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionUserAgent/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/results/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/scans/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/status/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/clearStats/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionInMemoryEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdHost/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPort/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPrefix/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/siteStats/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/stats/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/newUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/pollAsUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/removeUser/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setCookie/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setUserName/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getUserById/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/usersList/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/breakTextMessage/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/channels/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/message/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/messages/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| Instances | 1382 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/
http://caniuse.com/#search=content+security+policy
http://content-security-policy.com/
https://github.com/shapesecurity/salvation
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Informational |
Authentication Request Identified |
|---|---|
| Description |
The given request has been identified as an authentication request. The 'Other Info' field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to "Auto-Detect" then this rule will change the authentication to match the request identified.
|
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | password |
| Other Info | userParam=username userValue=ZAP passwordParam=password referer=http://localhost:3000/UI/network/action/setHttpProxy/ |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | password |
| Other Info | userParam=username userValue=ZAP passwordParam=password referer=http://localhost:3000/UI/network/action/setSocksProxy/ |
| Instances | 2 |
| Solution |
This is an informational alert rather than a vulnerability and so there is nothing to fix.
|
| Reference | https://www.zaproxy.org/docs/desktop/addons/authentication-helper/auth-req-id/ |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10111 |
|
Informational |
Information Disclosure - Sensitive Information in URL |
|---|---|
| Description |
The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
|
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | userName |
| Attack | |
| Evidence | userName |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userName |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | password |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: pass password |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | sessionToken |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token sessionToken |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | tokenEnabled |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token tokenEnabled |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | sessionToken |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token sessionToken |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | session |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: session session |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | sessionToken |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token sessionToken |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | session |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: session session |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | sessionToken |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token sessionToken |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | newSessionName |
| Attack | |
| Evidence | newSessionName |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: session newSessionName |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | oldSessionName |
| Attack | |
| Evidence | oldSessionName |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: session oldSessionName |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | session |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: session session |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | sessionToken |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token sessionToken |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | tokenEnabled |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token tokenEnabled |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | session |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: session session |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | sessionToken |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token sessionToken |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | tokenValue |
| Attack | |
| Evidence | tokenValue |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: token tokenValue |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | session |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: session session |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | password |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: pass password |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | userAgent |
| Attack | |
| Evidence | userAgent |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userAgent |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | password |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: pass password |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | username |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user username |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | password |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: pass password |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | username |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user username |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | userId |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user userId |
| Instances | 39 |
| Solution |
Do not pass sensitive information in URIs.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10024 |
|
Informational |
User Agent Fuzzer |
|---|---|
| Description |
Check for differences in response based on fuzzed User Agent (e.g. mobile sites, access as a Search Engine Crawler). Compares the response status code and the hash code of the response body with the original response.
|
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0 |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0 |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4 |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 |
| Evidence | |
| Other Info | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | Header User-Agent |
| Attack | msnbot/1.1 (+http://search.msn.com/msnbot.htm) |
| Evidence | |
| Other Info | |
| Instances | 12 |
| Solution | |
| Reference | https://owasp.org/wstg |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10104 |
|
Informational |
User Controllable HTML Element Attribute (Potential XSS) |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
|
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/addOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/removeOptionToken/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/action/setOptionPartialMatchingEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | actionUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: actionUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | actionUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: actionUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | hrefId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: hrefId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP |
| Method | GET |
| Parameter | hrefId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/other/genForm/override?actionUrl=ZAP&apikey=ZAP&hrefId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: hrefId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/view/optionPartialMatchingEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/acsrf/view/optionTokensNames/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attributeName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attributeName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attributeName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attributeValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attributeValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attributeValue=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | element |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: element=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | element |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: element=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | element |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: element=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | text |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: text=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | text |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: text=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | text |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: text=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | xpath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: xpath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | xpath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: xpath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | xpath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/addExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: xpath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attributeName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attributeName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attributeName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attributeValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attributeValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | attributeValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attributeValue=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | descriptionNew |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: descriptionNew=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | descriptionNew |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: descriptionNew=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | descriptionNew |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: descriptionNew=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | element |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: element=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | element |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: element=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | element |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: element=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | text |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: text=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | text |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: text=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | text |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: text=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | xpath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: xpath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | xpath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: xpath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP |
| Method | GET |
| Parameter | xpath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/modifyExcludedElement/override?apikey=ZAP&attributeName=ZAP&attributeValue=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&descriptionNew=ZAP&element=ZAP&enabled=ZAP&text=ZAP&xpath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: xpath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP®ex=ZAP |
| Metody | GET |
| Parameter | regex |
| Atak | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeAllowedResource/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/removeExcludedElement/override?apikey=ZAP&contextName=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | inScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: inScope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | inScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: inScope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | inScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: inScope=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scan/override?apikey=ZAP&contextName=ZAP&inScope=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | userName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | userName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP |
| Method | GET |
| Parameter | userName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/scanAsUser/override?apikey=ZAP&contextName=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setEnabledAllowedResource/override?apikey=ZAP&enabled=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionBrowserId/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickDefaultElems/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionClickElemsOnce/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionEventWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxCrawlStates/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionNumberOfBrowsers/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionRandomInputs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/setOptionReloadWait/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/action/stop/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/allowedResources/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/excludedElements/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/fullResults/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/numberOfResults/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionBrowserId/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionClickDefaultElems/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionClickElemsOnce/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionEventWait/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlDepth/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxCrawlStates/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionMaxDuration/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionNumberOfBrowsers/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionRandomInputs/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/optionReloadWait/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/results/override?apikey=ZAP&count=3&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ajaxSpider/view/status/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | cweId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: cweId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | cweId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: cweId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | cweId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: cweId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | messageId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: messageId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | messageId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: messageId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | messageId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: messageId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | otherInfo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: otherInfo=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | otherInfo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: otherInfo=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | otherInfo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: otherInfo=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | param |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: param=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | param |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: param=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | param |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: param=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | references |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: references=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | references |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: references=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | references |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: references=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | solution |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: solution=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | solution |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: solution=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | solution |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: solution=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | wascId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: wascId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | wascId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: wascId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | wascId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/addAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&messageId=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: wascId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAlerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/deleteAllAlerts/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | cweId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: cweId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | cweId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: cweId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | cweId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: cweId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | otherInfo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: otherInfo=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | otherInfo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: otherInfo=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | otherInfo |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: otherInfo=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | param |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: param=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | param |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: param=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | param |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: param=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | references |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: references=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | references |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: references=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | references |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: references=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | solution |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: solution=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | solution |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: solution=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | solution |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: solution=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | wascId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: wascId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | wascId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: wascId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP |
| Method | GET |
| Parameter | wascId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlert/override?apikey=ZAP&attack=ZAP&confidenceId=ZAP&cweId=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&evidence=ZAP&id=ZAP&name=ZAP&otherInfo=ZAP&param=ZAP&references=ZAP&riskId=ZAP&solution=ZAP&wascId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: wascId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | confidenceId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: confidenceId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsConfidence/override?apikey=ZAP&confidenceId=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/action/updateAlertsRisk/override?apikey=ZAP&ids=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertCountsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alerts/override?apikey=ZAP&baseurl=ZAP&contextName=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsByRisk/override?apikey=ZAP&recurse=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alert/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/addGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyAll/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyContext/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/applyGlobal/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP¶meter=ZAP¶meterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Metody | GET |
| Parameter | methods |
| Atak | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&contextId=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attack=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attack |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attack=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | attackIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidence=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidence |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidence=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP¶meter=ZAP¶meterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | evidenceIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: evidenceIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: methods=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | methods |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: methods=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | newLevel |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: newLevel=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameter=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameter |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameter=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | parameterIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: parameterIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | ruleId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ruleId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP |
| Method | GET |
| Parameter | urlIsRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/removeGlobalAlertFilter/override?apikey=ZAP&attack=ZAP&attackIsRegex=ZAP&enabled=ZAP&evidence=ZAP&evidenceIsRegex=ZAP&methods=ZAP&newLevel=ZAP&parameter=ZAP&parameterIsRegex=ZAP&ruleId=ZAP&url=https%3A%2F%2Fzap.example.com&urlIsRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: urlIsRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testAll/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testContext/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/action/testGlobal/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/alertFilterList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/alertFilter/view/globalAlertFilterList/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: type=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: type=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addExcludedParam/override?apikey=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: type=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/addScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/clearExcludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/disableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableAllScanners/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/enableScanners/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP®ex=ZAP |
| Metody | GET |
| Parameter | regex |
| Atak | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/excludeFromScan/override?apikey=ZAP®ex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | path |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: path=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | path |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: path=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP |
| Method | GET |
| Parameter | path |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/importScanPolicy/override?apikey=ZAP&path=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: path=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: type=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: type=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/modifyExcludedParam/override?apikey=ZAP&idx=ZAP&name=ZAP&type=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: type=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/pauseAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeExcludedParam/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/removeScanPolicy/override?apikey=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/resumeAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | inScopeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: inScopeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | inScopeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: inScopeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | inScopeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: inScopeOnly=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: method=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: method=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: method=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: postData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: postData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: postData=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scan/override?apikey=ZAP&contextId=ZAP&inScopeOnly=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: method=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: method=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: method=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: postData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: postData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: postData=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&method=ZAP&postData=ZAP&recurse=ZAP&scanPolicyName=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setEnabledPolicies/override?apikey=ZAP&ids=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAddQueryParam/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAllowAttackOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionAttackPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDefaultPolicy/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionDelayInMs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHandleAntiCSRFTokens/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionHostPerScan/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionInjectPluginIdInHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxAlertsPerRule/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxChartTimeInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxResultsToList/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxRuleDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScanDurationInMins/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionPromptToClearFinishedScans/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionRescanInAttackMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanHeadersAllRequests/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionScanNullJsonValues/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsEnabledRPC/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionTargetParamsInjectable/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setOptionThreadPerHost/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setPolicyAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/setScannerAttackStrength/override?apikey=ZAP&attackStrength=ZAP&id=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | scannerId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scannerId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | scannerId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scannerId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP |
| Method | GET |
| Parameter | scannerId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/skipScanner/override?apikey=ZAP&scanId=ZAP&scannerId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scannerId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/stopAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | attackStrength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: attackStrength=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/action/updateScanPolicy/override?alertThreshold=ZAP&apikey=ZAP&attackStrength=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/alertsIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/attackModeQueue/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedParams/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/excludedParamTypes/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/messagesIds/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAddQueryParam/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAllowAttackOnStart/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionAttackPolicy/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionDefaultPolicy/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionDelayInMs/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionExcludedParamList/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionHandleAntiCSRFTokens/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionHostPerScan/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionInjectPluginIdInHeader/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxAlertsPerRule/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxChartTimeInMins/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxResultsToList/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxRuleDurationInMins/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxScanDurationInMins/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionMaxScansInUI/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionPromptInAttackMode/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionPromptToClearFinishedScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionRescanInAttackMode/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionScanHeadersAllRequests/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionScanNullJsonValues/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionShowAdvancedDialog/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionTargetParamsEnabledRPC/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionTargetParamsInjectable/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/optionThreadPerHost/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | policyId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: policyId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | policyId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: policyId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | policyId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: policyId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/policies/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | policyId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: policyId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | policyId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: policyId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | policyId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: policyId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP |
| Method | GET |
| Parameter | scanPolicyName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanners/override?apikey=ZAP&policyId=ZAP&scanPolicyName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanPolicyName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanPolicyNames/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scanProgress/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/scans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ascan/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | authMethodConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: authMethodConfigParams=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | authMethodConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: authMethodConfigParams=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | authMethodConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: authMethodConfigParams=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | authMethodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: authMethodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | authMethodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: authMethodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | authMethodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: authMethodName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setAuthenticationMethod/override?apikey=ZAP&authMethodConfigParams=ZAP&authMethodName=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | loggedInIndicatorRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: loggedInIndicatorRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | loggedInIndicatorRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: loggedInIndicatorRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP |
| Method | GET |
| Parameter | loggedInIndicatorRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedInIndicator/override?apikey=ZAP&contextId=ZAP&loggedInIndicatorRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: loggedInIndicatorRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | loggedOutIndicatorRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: loggedOutIndicatorRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | loggedOutIndicatorRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: loggedOutIndicatorRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP |
| Method | GET |
| Parameter | loggedOutIndicatorRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/action/setLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP&loggedOutIndicatorRegex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: loggedOutIndicatorRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | authMethodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: authMethodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | authMethodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: authMethodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP |
| Method | GET |
| Parameter | authMethodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getAuthenticationMethodConfigParams/override?apikey=ZAP&authMethodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: authMethodName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedInIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getLoggedOutIndicator/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authentication/view/getSupportedAuthenticationMethods/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | bodyRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: bodyRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | bodyRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: bodyRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | bodyRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: bodyRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | headerRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: headerRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | headerRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: headerRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | headerRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: headerRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | logicalOperator |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: logicalOperator=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | logicalOperator |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: logicalOperator=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | logicalOperator |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: logicalOperator=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | statusCode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: statusCode=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | statusCode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: statusCode=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP |
| Method | GET |
| Parameter | statusCode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/action/setBasicAuthorizationDetectionMethod/override?apikey=ZAP&bodyRegex=ZAP&contextId=ZAP&headerRegex=ZAP&logicalOperator=ZAP&statusCode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: statusCode=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/authorization/view/getAuthorizationDetectionMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/endDelayJob/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/action/runPlan/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | planId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: planId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | planId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: planId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP |
| Method | GET |
| Parameter | planId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/automation/view/planProgress/override?apikey=ZAP&planId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: planId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/downloadLatestRelease/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/installAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionCheckOnStart/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionDownloadNewRelease/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallAddonUpdates/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionInstallScannerRules/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportAlphaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportBetaAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/setOptionReportReleaseAddons/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/action/uninstallAddon/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/installedAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/isLatestVersion/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/latestVersionNumber/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/localAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/marketplaceAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/newAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionAddonDirectories/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionCheckAddonUpdates/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionCheckOnStart/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastChecked/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastInstallWarned/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDayLastUpdateWarned/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDownloadDirectory/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionDownloadNewRelease/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionInstallAddonUpdates/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionInstallScannerRules/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportAlphaAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportBetaAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/optionReportReleaseAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/autoupdate/view/updatedAddons/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | ignorecase |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ignorecase=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | ignorecase |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ignorecase=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | ignorecase |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ignorecase=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | inverse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: inverse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | inverse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: inverse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | inverse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: inverse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | location |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: location=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | location |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: location=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | location |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: location=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | match |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: match=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | match |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: match=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | match |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: match=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | string |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: string=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | string |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: string=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | string |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/addHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: string=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | scope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | scope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | scope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scope=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: type=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: type=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP |
| Method | GET |
| Parameter | type |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/break/override?apikey=ZAP&scope=ZAP&state=Oklahoma&type=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: type=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/continue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/continue/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/continue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/continue/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/continue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/continue/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/drop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/drop/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/drop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/drop/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/drop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/drop/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | ignorecase |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ignorecase=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | ignorecase |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ignorecase=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | ignorecase |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ignorecase=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | inverse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: inverse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | inverse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: inverse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | inverse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: inverse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | location |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: location=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | location |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: location=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | location |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: location=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | match |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: match=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | match |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: match=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | match |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: match=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | string |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: string=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | string |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: string=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP |
| Method | GET |
| Parameter | string |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/removeHttpBreakpoint/override?apikey=ZAP&ignorecase=ZAP&inverse=ZAP&location=ZAP&match=ZAP&string=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: string=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | httpBody |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: httpBody=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | httpBody |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: httpBody=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | httpBody |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: httpBody=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | httpHeader |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: httpHeader=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | httpHeader |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: httpHeader=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP |
| Method | GET |
| Parameter | httpHeader |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/setHttpMessage/override?apikey=ZAP&httpBody=ZAP&httpHeader=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: httpHeader=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/action/step/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/step/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/step/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/step/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/action/step/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/action/step/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | keepalive |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: keepalive=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | keepalive |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: keepalive=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | keepalive |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: keepalive=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | poll |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: poll=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | poll |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: poll=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP |
| Method | GET |
| Parameter | poll |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/pconn/waitForHttpBreak/override?apikey=ZAP&keepalive=ZAP&poll=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: poll=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/httpMessage/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakAll/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakRequest/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/break/view/isBreakResponse/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | technologyNames |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: technologyNames=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | technologyNames |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: technologyNames=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | technologyNames |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: technologyNames=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/excludeFromContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextFile |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextFile=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextFile |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextFile=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextFile |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextFile=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/exportContext/override?apikey=ZAP&contextFile=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | contextFile |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextFile=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | contextFile |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextFile=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP |
| Method | GET |
| Parameter | contextFile |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/importContext/override?apikey=ZAP&contextFile=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextFile=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeAllContextTechnologies/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | technologyNames |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: technologyNames=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | technologyNames |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: technologyNames=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP |
| Method | GET |
| Parameter | technologyNames |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeContextTechnologies/override?apikey=ZAP&contextName=ZAP&technologyNames=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: technologyNames=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/includeInContext/override?apikey=ZAP&contextName=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/newContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/removeContext/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | checkingStrategy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: checkingStrategy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | checkingStrategy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: checkingStrategy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | checkingStrategy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: checkingStrategy=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: pollData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: pollData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: pollData=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollFrequency |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: pollFrequency=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollFrequency |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: pollFrequency=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollFrequency |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: pollFrequency=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollFrequencyUnits |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: pollFrequencyUnits=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollFrequencyUnits |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: pollFrequencyUnits=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollFrequencyUnits |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: pollFrequencyUnits=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollHeaders |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: pollHeaders=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollHeaders |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: pollHeaders=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollHeaders |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: pollHeaders=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: pollUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: pollUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP |
| Method | GET |
| Parameter | pollUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextCheckingStrategy/override?apikey=ZAP&checkingStrategy=ZAP&contextName=ZAP&pollData=ZAP&pollFrequency=ZAP&pollFrequencyUnits=ZAP&pollHeaders=ZAP&pollUrl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: pollUrl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | booleanInScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: booleanInScope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | booleanInScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: booleanInScope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | booleanInScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: booleanInScope=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextInScope/override?apikey=ZAP&booleanInScope=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | excRegexs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: excRegexs=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | excRegexs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: excRegexs=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | excRegexs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: excRegexs=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | incRegexs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: incRegexs=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | incRegexs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: incRegexs=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP |
| Method | GET |
| Parameter | incRegexs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/action/setContextRegexs/override?apikey=ZAP&contextName=ZAP&excRegexs=ZAP&incRegexs=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: incRegexs=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/context/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/contextList/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/excludeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includedTechnologyList/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/includeRegexs/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/technologyList/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/context/view/urls/override?apikey=ZAP&contextName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/accessUrl/override?apikey=ZAP&followRedirects=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/addProxyChainExcludedDomain/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/clearExcludedFromProxy/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/createSbomZip/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAlert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteAllAlerts/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: method=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: method=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: method=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: postData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: postData=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | postData |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/deleteSiteNode/override?apikey=ZAP&method=ZAP&postData=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: postData=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/disableAllProxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/disableClientCertificate/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enableAllProxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | index |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: index=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | index |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: index=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | index |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: index=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/enablePKCS12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/excludeFromProxy/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/generateRootCA/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/loadSession/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/modifyProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/newSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/removeProxyChainExcludedDomain/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/runGarbageCollection/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/saveSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | request |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: request=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | request |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: request=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | request |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/sendRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: request=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | dir |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: dir=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | dir |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: dir=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP |
| Method | GET |
| Parameter | dir |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setHomeDirectory/override?apikey=ZAP&dir=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: dir=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | mode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: mode=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | mode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: mode=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP |
| Method | GET |
| Parameter | mode |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setMode/override?apikey=ZAP&mode=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: mode=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionAlertOverridesFilePath/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDefaultUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionDnsTtlSuccessfulQueries/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionHttpStateEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | numberOfInstances |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: numberOfInstances=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | numberOfInstances |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: numberOfInstances=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP |
| Method | GET |
| Parameter | numberOfInstances |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMaximumAlertInstances/override?apikey=ZAP&numberOfInstances=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: numberOfInstances=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionMergeRelatedAlerts/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPassword/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainPrompt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainRealm/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainSkipName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionProxyChainUserName/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionSingleCookieRequestHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionTimeoutInSecs/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChain/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseProxyChainAuth/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/setOptionUseSocksProxy/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/shutdown/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP |
| Method | GET |
| Parameter | overwrite |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/action/snapshotSession/override?apikey=ZAP&name=ZAP&overwrite=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: overwrite=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP |
| Method | GET |
| Parameter | fileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: fileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP |
| Method | GET |
| Parameter | fileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileDownload/override?apikey=ZAP&fileName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: fileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP |
| Method | GET |
| Parameter | fileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: fileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP |
| Method | GET |
| Parameter | fileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/fileUpload/override?apikey=ZAP&fileContents=test_file.txt&fileName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: fileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/htmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/htmlreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/htmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/htmlreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/jsonreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/jsonreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/jsonreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/jsonreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/mdreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/mdreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/mdreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/mdreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messageHar/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/messagesHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/proxy.pac/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/proxy.pac/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/rootcert/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/rootcert/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/rootcert/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/rootcert/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | request |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: request=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | request |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: request=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | proxy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: proxy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | proxy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/setproxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: proxy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/xmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/xmlreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/other/xmlreport/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/other/xmlreport/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alert/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alerts/override?apikey=ZAP&baseurl=ZAP&count=3&riskId=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/alertsSummary/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/childNodes/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/excludedFromProxy/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/homeDirectory/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/hosts/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/message/override?apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messages/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/messagesById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/mode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/mode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/mode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/mode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/mode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/mode/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: riskId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP |
| Method | GET |
| Parameter | riskId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfAlerts/override?apikey=ZAP&baseurl=ZAP&riskId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: riskId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/numberOfMessages/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionAlertOverridesFilePath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionDefaultUserAgent/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionDnsTtlSuccessfulQueries/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionHttpState/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionHttpStateEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionMaximumAlertInstances/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionMergeRelatedAlerts/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainName/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPassword/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPort/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainPrompt/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainRealm/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainSkipName/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyChainUserName/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionProxyExcludedDomainsEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionSingleCookieRequestHeader/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionTimeoutInSecs/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseProxyChain/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseProxyChainAuth/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/optionUseSocksProxy/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/proxyChainExcludedDomains/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/sessionLocation/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/sites/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/sites/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/sites/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/urls/override?apikey=ZAP&baseurl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/version/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/version/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/version/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/version/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/version/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/version/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: apikey=ZAP The user-controlled value was: zaphomepath |
| URL | http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP appears to include user input in: a(n) [input] tag [zap-name] attribute The user input found was: apikey=ZAP The user-controlled value was: zaphomepath |
| URL | http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/core/view/zapHomePath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importHar/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importModsec2Logs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importUrls/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/action/importZapLogs/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHar/override?apikey=ZAP&baseurl=ZAP&count=3&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/exportHarById/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | followRedirects |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: followRedirects=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | request |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: request=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP |
| Method | GET |
| Parameter | request |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/exim/other/sendHarRequest/override?apikey=ZAP&followRedirects=ZAP&request=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: request=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP |
| Method | GET |
| Parameter | boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/action/setForcedUserModeEnabled/override?apikey=ZAP&boolean=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/getForcedUser/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/forcedUser/view/isForcedUserModeEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | endurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: endurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | endurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: endurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | endurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: endurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importFile/override?apikey=ZAP&endurl=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | endurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: endurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | endurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: endurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | endurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/importUrl/override?apikey=ZAP&endurl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: endurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionArgsType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionLenientMaxQueryDepthEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxAdditionalQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxArgsDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionMaxQueryDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionOptionalArgsEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQueryGenEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionQuerySplitType/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/action/setOptionRequestMethod/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionArgsType/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionLenientMaxQueryDepthEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxAdditionalQueryDepth/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxArgsDepth/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionMaxQueryDepth/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionOptionalArgsEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionQueryGenEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionQuerySplitType/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/graphql/view/optionRequestMethod/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: tokenEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: tokenEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: tokenEnabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/addSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/createEmptySession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeDefaultSessionToken/override?apikey=ZAP&sessionToken=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/removeSessionToken/override?apikey=ZAP&sessionToken=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | newSessionName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: newSessionName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | newSessionName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: newSessionName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | newSessionName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: newSessionName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | oldSessionName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: oldSessionName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | oldSessionName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: oldSessionName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | oldSessionName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: oldSessionName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/renameSession/override?apikey=ZAP&newSessionName=ZAP&oldSessionName=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setActiveSession/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: tokenEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: tokenEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP |
| Method | GET |
| Parameter | tokenEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setDefaultSessionTokenEnabled/override?apikey=ZAP&sessionToken=ZAP&tokenEnabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: tokenEnabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | sessionToken |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sessionToken=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | tokenValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: tokenValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | tokenValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: tokenValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP |
| Method | GET |
| Parameter | tokenValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/setSessionTokenValue/override?apikey=ZAP&session=ZAP&sessionToken=ZAP&site=ZAP&tokenValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: tokenValue=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/action/unsetActiveSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/activeSession/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/defaultSessionTokens/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: session=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | session |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: session=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessions/override?apikey=ZAP&session=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sessionTokens/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/httpSessions/view/sites/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | record |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: record=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | record |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: record=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP |
| Method | GET |
| Parameter | record |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/log/override?apikey=ZAP&record=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: record=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | body |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: body=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | body |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: body=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | body |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: body=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | header |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: header=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | header |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: header=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP |
| Method | GET |
| Parameter | header |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/recordRequest/override?apikey=ZAP&body=ZAP&header=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: header=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/resetTutorialTasks/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionBaseDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionDevelopmentMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDaemon/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnabledForDesktop/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionEnableOnDomainMsgs/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionInScopeOnly/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionRemoveCSP/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionShowWelcomeScreen/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionSkipTutorialTasks/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTaskDone/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setOptionTutorialTestMode/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/action/setUiOption/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/other/changesInHtml/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/other/changesInHtml/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/other/changesInHtml/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/other/changesInHtml/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/getUiOption/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/heartbeat/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/hudAlertData/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionAllowUnsafeEval/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionBaseDirectory/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionDevelopmentMode/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnabledForDaemon/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnabledForDesktop/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnableOnDomainMsgs/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionEnableTelemetry/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionInScopeOnly/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionRemoveCSP/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionShowWelcomeScreen/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionSkipTutorialTasks/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialHost/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialPort/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialTasksDone/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialTestMode/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/optionTutorialUpdates/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/tutorialUpdates/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/hud/view/upgradedDomains/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | incUnset |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: incUnset=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | incUnset |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetActionOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: incUnset=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | incUnset |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: incUnset=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP |
| Method | GET |
| Parameter | incUnset |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/keyboard/other/cheatsheetKeyOrder/override?apikey=ZAP&incUnset=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: incUnset=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | alwaysDecodeZip |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: alwaysDecodeZip=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | alwaysDecodeZip |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: alwaysDecodeZip=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | alwaysDecodeZip |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: alwaysDecodeZip=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | behindNat |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: behindNat=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | behindNat |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: behindNat=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | behindNat |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: behindNat=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | removeUnsupportedEncodings |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: removeUnsupportedEncodings=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | removeUnsupportedEncodings |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: removeUnsupportedEncodings=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP |
| Method | GET |
| Parameter | removeUnsupportedEncodings |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/addAdditionalProxy/override?address=688+Zaproxy+Ridge&alwaysDecodeZip=ZAP&apikey=ZAP&behindNat=ZAP&port=ZAP&removeUnsupportedEncodings=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: removeUnsupportedEncodings=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/action/removeAdditionalProxy/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/localProxies/view/additionalProxies/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addAlias/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addHttpProxyExclusion/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | api |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: api=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | api |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: api=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | api |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: api=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | behindNat |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: behindNat=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | behindNat |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: behindNat=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | behindNat |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: behindNat=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | decodeResponse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: decodeResponse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | decodeResponse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: decodeResponse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | decodeResponse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: decodeResponse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | proxy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: proxy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | proxy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: proxy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | proxy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: proxy=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | removeAcceptEncoding |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: removeAcceptEncoding=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | removeAcceptEncoding |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: removeAcceptEncoding=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP |
| Method | GET |
| Parameter | removeAcceptEncoding |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addLocalServer/override?address=688+Zaproxy+Ridge&api=ZAP&apikey=ZAP&behindNat=ZAP&decodeResponse=ZAP&port=ZAP&proxy=ZAP&removeAcceptEncoding=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: removeAcceptEncoding=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: authority=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: authority=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: authority=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPassThrough/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | index |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: index=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | index |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: index=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | index |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: index=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addPkcs12ClientCertificate/override?apikey=ZAP&filePath=ZAP&index=ZAP&password=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | groupBy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: groupBy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | groupBy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: groupBy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | groupBy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: groupBy=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | matchRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: matchRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | matchRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: matchRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | matchRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: matchRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | matchString |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: matchString=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | matchString |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: matchString=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | matchString |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: matchString=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | requestsPerSecond |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: requestsPerSecond=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | requestsPerSecond |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: requestsPerSecond=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP |
| Method | GET |
| Parameter | requestsPerSecond |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/addRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&groupBy=ZAP&matchRegex=ZAP&matchString=ZAP&requestsPerSecond=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: requestsPerSecond=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/generateRootCaCert/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: filePath=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP |
| Method | GET |
| Parameter | filePath |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/importRootCaCert/override?apikey=ZAP&filePath=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: filePath=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeAlias/override?apikey=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeHttpProxyExclusion/override?apikey=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeLocalServer/override?address=688+Zaproxy+Ridge&apikey=ZAP&port=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: authority=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: authority=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removePassThrough/override?apikey=ZAP&authority=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: authority=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/removeRateLimitRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setAliasEnabled/override?apikey=ZAP&enabled=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | timeout |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: timeout=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | timeout |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: timeout=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP |
| Method | GET |
| Parameter | timeout |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setConnectionTimeout/override?apikey=ZAP&timeout=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: timeout=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | userAgent |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userAgent=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | userAgent |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userAgent=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP |
| Method | GET |
| Parameter | userAgent |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDefaultUserAgent/override?apikey=ZAP&userAgent=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userAgent=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | ttl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ttl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | ttl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ttl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP |
| Method | GET |
| Parameter | ttl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setDnsTtlSuccessfulQueries/override?apikey=ZAP&ttl=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ttl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | realm |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: realm=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | realm |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: realm=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | realm |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: realm=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: username=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: username=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&realm=ZAP&username=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: username=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyAuthEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setHttpProxyExclusionEnabled/override?apikey=ZAP&enabled=ZAP&host=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: authority=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: authority=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | authority |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: authority=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setPassThroughEnabled/override?apikey=ZAP&authority=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRateLimitRuleEnabled/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | validity |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: validity=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | validity |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: validity=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | validity |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setRootCaCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: validity=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | validity |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: validity=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | validity |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: validity=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP |
| Method | GET |
| Parameter | validity |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setServerCertValidity/override?apikey=ZAP&validity=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: validity=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: host=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | host |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: host=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: password=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | password |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: password=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: port=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | port |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: port=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | useDns |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: useDns=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | useDns |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: useDns=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | useDns |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: useDns=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: username=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: username=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | username |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: username=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | version |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: version=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | version |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: version=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP |
| Method | GET |
| Parameter | version |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxy/override?apikey=ZAP&host=ZAP&password=ZAP&port=ZAP&useDns=ZAP&username=ZAP&version=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: version=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setSocksProxyEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | use |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: use=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | use |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: use=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | use |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseClientCertificate/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: use=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | use |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: use=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | use |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: use=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP |
| Method | GET |
| Parameter | use |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/action/setUseGlobalHttpState/override?apikey=ZAP&use=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: use=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/proxy.pac/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/other/proxy.pac/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/proxy.pac/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/other/rootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/rootCaCert/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/other/rootCaCert/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/rootCaCert/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | proxy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: proxy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP |
| Method | GET |
| Parameter | proxy |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/other/setProxy/override?apikey=ZAP&proxy=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: proxy=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getAliases/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getConnectionTimeout/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getDefaultUserAgent/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getDnsTtlSuccessfulQueries/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getHttpProxy/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getHttpProxyExclusions/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getLocalServers/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getPassThroughs/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getRateLimitRules/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getRootCaCertValidity/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getServerCertValidity/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/getSocksProxy/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isHttpProxyAuthEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isHttpProxyEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isSocksProxyEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/network/view/isUseGlobalHttpState/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | target |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: target=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | target |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: target=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP |
| Method | GET |
| Parameter | target |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importFile/override?apikey=ZAP&contextId=ZAP&file=ZAP&target=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: target=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | hostOverride |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: hostOverride=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | hostOverride |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: hostOverride=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | hostOverride |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/openapi/action/importUrl/override?apikey=ZAP&contextId=ZAP&hostOverride=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: hostOverride=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/params/view/params/override?apikey=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | endpointUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: endpointUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | endpointUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: endpointUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | endpointUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: endpointUrl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importFile/override?apikey=ZAP&endpointUrl=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | endpointUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: endpointUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | endpointUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: endpointUrl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | endpointUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/postman/action/importUrl/override?apikey=ZAP&endpointUrl=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: endpointUrl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/clearQueue/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableAllScanners/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableAllTags/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/disableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableAllScanners/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableAllTags/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: ids=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP |
| Method | GET |
| Parameter | ids |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/enableScanners/override?apikey=ZAP&ids=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: ids=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setEnabled/override?apikey=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | maxAlerts |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: maxAlerts=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | maxAlerts |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: maxAlerts=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP |
| Method | GET |
| Parameter | maxAlerts |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setMaxAlertsPerRule/override?apikey=ZAP&maxAlerts=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: maxAlerts=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | alertThreshold |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: alertThreshold=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: id=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP |
| Method | GET |
| Parameter | id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScannerAlertThreshold/override?alertThreshold=ZAP&apikey=ZAP&id=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: id=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | onlyInScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: onlyInScope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | onlyInScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: onlyInScope=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP |
| Method | GET |
| Parameter | onlyInScope |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/action/setScanOnlyInScope/override?apikey=ZAP&onlyInScope=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: onlyInScope=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/currentRule/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/currentTasks/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/maxAlertsPerRule/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/recordsToScan/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/scanners/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/pscan/view/scanOnlyInScope/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/quickstartlaunch/other/startPage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/quickstartlaunch/other/startPage/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/quickstartlaunch/other/startPage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/quickstartlaunch/other/startPage/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | initiators |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: initiators=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | initiators |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: initiators=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | initiators |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: initiators=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: matchRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: matchRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: matchRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchString |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: matchString=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchString |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: matchString=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchString |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: matchString=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchType |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: matchType=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchType |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: matchType=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | matchType |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: matchType=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | replacement |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: replacement=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | replacement |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: replacement=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | replacement |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/addRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&enabled=ZAP&initiators=ZAP&matchRegex=ZAP&matchString=ZAP&matchType=ZAP&replacement=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: replacement=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/removeRule/override?apikey=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | bool |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [id] attribute The user input found was: bool=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | bool |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [form] tag [name] attribute The user input found was: bool=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. |
| Method | GET |
| Parameter | bool |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/action/setEnabled/override?apikey=ZAP&bool=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos. appears to include user input in: a(n) [select] tag [id] attribute The user input found was: bool=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/replacer/view/rules/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | contexts |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contexts=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | contexts |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contexts=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | contexts |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contexts=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | display |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: display=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | display |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: display=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | display |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: display=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | includedConfidences |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: includedConfidences=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | includedConfidences |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: includedConfidences=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | includedConfidences |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: includedConfidences=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | includedRisks |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: includedRisks=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | includedRisks |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: includedRisks=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | includedRisks |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: includedRisks=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportDir |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: reportDir=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportDir |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: reportDir=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportDir |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: reportDir=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportFileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: reportFileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportFileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: reportFileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportFileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: reportFileName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportFileNamePattern |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: reportFileNamePattern=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportFileNamePattern |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: reportFileNamePattern=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | reportFileNamePattern |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: reportFileNamePattern=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | sections |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sections=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | sections |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sections=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | sections |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sections=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | sites |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: sites=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | sites |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP§ions=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: sites=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | sites |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: sites=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | template |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: template=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | template |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: template=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | template |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: template=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | theme |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: theme=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | theme |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: theme=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | theme |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: theme=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | title |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: title=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | title |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: title=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP |
| Method | GET |
| Parameter | title |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/action/generate/override?apikey=ZAP&contexts=ZAP&description=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&display=ZAP&includedConfidences=ZAP&includedRisks=ZAP&reportDir=ZAP&reportFileName=ZAP&reportFileNamePattern=ZAP&sections=ZAP&sites=ZAP&template=ZAP&theme=ZAP&title=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: title=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | template |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: template=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | template |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: template=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP |
| Method | GET |
| Parameter | template |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templateDetails/override?apikey=ZAP&template=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: template=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reports/view/templates/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | alertIds |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: alertIds=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | alertIds |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: alertIds=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | alertIds |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: alertIds=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/retest/action/retest/override?alertIds=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | reveal |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: reveal=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | reveal |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: reveal=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP |
| Method | GET |
| Parameter | reveal |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/action/setReveal/override?apikey=ZAP&reveal=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: reveal=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/reveal/view/reveal/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetAllRuleConfigValues/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/resetRuleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/action/setRuleConfigValue/override?apikey=ZAP&key=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/allRuleConfigs/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: key=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP |
| Method | GET |
| Parameter | key |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/ruleConfig/view/ruleConfigValue/override?apikey=ZAP&key=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: key=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearGlobalVars/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/clearScriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/disable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/enable/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | charset |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: charset=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | charset |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: charset=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | charset |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: charset=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | fileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: fileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | fileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: fileName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | fileName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: fileName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptDescription |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptDescription=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptDescription |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptDescription=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptDescription |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptDescription=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptEngine |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptEngine=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptEngine |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptEngine=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptEngine |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptEngine=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptType |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptType=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptType |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptType=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP |
| Method | GET |
| Parameter | scriptType |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/load/override?apikey=ZAP&charset=ZAP&fileName=ZAP&scriptDescription=ZAP&scriptEngine=ZAP&scriptName=ZAP&scriptType=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptType=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/remove/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/runStandAloneScript/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setGlobalVar/override?apikey=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varValue=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varValue=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP |
| Method | GET |
| Parameter | varValue |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/action/setScriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP&varValue=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varValue=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalCustomVars/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVar/override?apikey=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/globalVars/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listEngines/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listScripts/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/listTypes/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptCustomVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: varKey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP |
| Method | GET |
| Parameter | varKey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVar/override?apikey=ZAP&scriptName=ZAP&varKey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: varKey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP |
| Method | GET |
| Parameter | scriptName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/script/view/scriptVars/override?apikey=ZAP&scriptName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scriptName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/other/harByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/messagesByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByHeaderRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByRequestRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByResponseRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | baseurl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: baseurl=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/search/view/urlsByUrlRegex/override?apikey=ZAP&baseurl=ZAP&count=3&regex=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: argument=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: argument=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: argument=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/addBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: argument=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: argument=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: argument=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/removeBrowserArgument/override?apikey=ZAP&argument=ZAP&browser=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: argument=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: argument=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | argument |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: argument=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setBrowserArgumentEnabled/override?apikey=ZAP&argument=ZAP&browser=ZAP&enabled=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionChromeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDefaultProfile/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionFirefoxDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionIeDriverPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionLastDirectory/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/action/setOptionPhantomJsBinaryPath/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: browser=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP |
| Method | GET |
| Parameter | browser |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/getBrowserArguments/override?apikey=ZAP&browser=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: browser=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionBrowserExtensions/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionChromeBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionChromeDriverPath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxDefaultProfile/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionFirefoxDriverPath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionIeDriverPath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionLastDirectory/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/selenium/view/optionPhantomJsBinaryPath/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: methodConfigParams=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: methodConfigParams=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: methodConfigParams=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: methodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: methodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/action/setSessionManagementMethod/override?apikey=ZAP&contextId=ZAP&methodConfigParams=ZAP&methodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: methodName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethod/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: methodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: methodName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP |
| Method | GET |
| Parameter | methodName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSessionManagementMethodConfigParams/override?apikey=ZAP&methodName=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: methodName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/sessionManagement/view/getSupportedSessionManagementMethods/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: file=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP |
| Method | GET |
| Parameter | file |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importFile/override?apikey=ZAP&file=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: file=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/soap/action/importUrl/override?apikey=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/addDomainAlwaysInScope/override?apikey=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/clearExcludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/disableAllDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/enableAllDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: regex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP |
| Method | GET |
| Parameter | regex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/excludeFromScan/override?apikey=ZAP&regex=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: regex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isEnabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isEnabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | isRegex |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: isRegex=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/modifyDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP&isEnabled=ZAP&isRegex=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pause/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/pauseAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: idx=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP |
| Method | GET |
| Parameter | idx |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeDomainAlwaysInScope/override?apikey=ZAP&idx=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: idx=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/removeScan/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resume/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/resumeAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextName=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | contextName |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextName=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | maxChildren |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: maxChildren=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | maxChildren |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: maxChildren=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | maxChildren |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: maxChildren=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [form] tag [name] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scan/override?apikey=ZAP&contextName=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com appears to include user input in: a(n) [select] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | maxChildren |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: maxChildren=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | maxChildren |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: maxChildren=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | maxChildren |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: maxChildren=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: recurse=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | recurse |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: recurse=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | subtreeOnly |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: subtreeOnly=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/scanAsUser/override?apikey=ZAP&contextId=ZAP&maxChildren=ZAP&recurse=ZAP&subtreeOnly=ZAP&url=https%3A%2F%2Fzap.example.com&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionAcceptCookies/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleODataParametersVisited/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionHandleParameters/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxChildren/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDepth/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxDuration/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxParseSizeBytes/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionMaxScansInUI/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseComments/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseDsStore/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseGit/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseRobotsTxt/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSitemapXml/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionParseSVNEntries/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionPostForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionProcessForm/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionRequestWaitTime/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSendRefererHeader/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionShowAdvancedDialog/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionSkipURLString/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionThreadCount/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/setOptionUserAgent/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stop/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/action/stopAllScans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/addedNodes/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/allUrls/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/domainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/excludedFromScan/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/fullResults/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionAcceptCookies/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScope/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionDomainsAlwaysInScopeEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionHandleODataParametersVisited/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionHandleParameters/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxChildren/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxDepth/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxDuration/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxParseSizeBytes/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionMaxScansInUI/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseComments/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseDsStore/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseGit/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseRobotsTxt/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseSitemapXml/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionParseSVNEntries/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionPostForm/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionProcessForm/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionRequestWaitTime/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionSendRefererHeader/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionShowAdvancedDialog/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionSkipURLString/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionThreadCount/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/optionUserAgent/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/results/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/scans/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: scanId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP |
| Method | GET |
| Parameter | scanId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/spider/view/status/override?apikey=ZAP&scanId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: scanId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/clearStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Boolean |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionInMemoryEnabled/override?Boolean=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Boolean=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdHost/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: Integer=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | Integer |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPort/override?Integer=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: Integer=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: String=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP |
| Method | GET |
| Parameter | String |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/action/setOptionStatsdPrefix/override?String=ZAP&apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: String=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/allSitesStats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionInMemoryEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdEnabled/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdHost/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdPort/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/optionStatsdPrefix/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: site=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP |
| Method | GET |
| Parameter | site |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/siteStats/override?apikey=ZAP&keyPrefix=ZAP&site=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: site=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP |
| Method | GET |
| Parameter | keyPrefix |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/stats/view/stats/override?apikey=ZAP&keyPrefix=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: keyPrefix=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/authenticateAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/newUser/override?apikey=ZAP&contextId=ZAP&name=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/pollAsUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/removeUser/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | authCredentialsConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: authCredentialsConfigParams=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | authCredentialsConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: authCredentialsConfigParams=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | authCredentialsConfigParams |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: authCredentialsConfigParams=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationCredentials/override?apikey=ZAP&authCredentialsConfigParams=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | lastPollResult |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: lastPollResult=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | lastPollResult |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: lastPollResult=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | lastPollResult |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: lastPollResult=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | lastPollTimeInMs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: lastPollTimeInMs=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | lastPollTimeInMs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: lastPollTimeInMs=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | lastPollTimeInMs |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: lastPollTimeInMs=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | requestsSinceLastPoll |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: requestsSinceLastPoll=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | requestsSinceLastPoll |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: requestsSinceLastPoll=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | requestsSinceLastPoll |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: requestsSinceLastPoll=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setAuthenticationState/override?apikey=ZAP&contextId=ZAP&lastPollResult=ZAP&lastPollTimeInMs=ZAP&requestsSinceLastPoll=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | domain |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: domain=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | domain |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: domain=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | domain |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: domain=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | path |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: path=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | path |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: path=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | path |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: path=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | secure |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: secure=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | secure |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: secure=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | secure |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: secure=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: value=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP |
| Method | GET |
| Parameter | value |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setCookie/override?apikey=ZAP&contextId=ZAP&domain=ZAP&name=ZAP&path=ZAP&secure=ZAP&userId=ZAP&value=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: value=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: enabled=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | enabled |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: enabled=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserEnabled/override?apikey=ZAP&contextId=ZAP&enabled=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: name=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | name |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: name=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/action/setUserName/override?apikey=ZAP&contextId=ZAP&name=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentials/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationCredentialsConfigParams/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationSession/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getAuthenticationState/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: userId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP |
| Method | GET |
| Parameter | userId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/getUserById/override?apikey=ZAP&contextId=ZAP&userId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: userId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | apikey |
| Atak | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: contextId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP |
| Method | GET |
| Parameter | contextId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/users/view/usersList/override?apikey=ZAP&contextId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: contextId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: channelId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: channelId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: channelId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | outgoing |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: outgoing=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | outgoing |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: outgoing=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | outgoing |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/sendTextMessage/override?apikey=ZAP&channelId=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: outgoing=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | outgoing |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: outgoing=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | outgoing |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: outgoing=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP |
| Method | GET |
| Parameter | outgoing |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/action/setBreakTextMessage/override?apikey=ZAP&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&outgoing=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: outgoing=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/breakTextMessage/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/channels/override?apikey=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: channelId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: channelId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: channelId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | messageId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: messageId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | messageId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: messageId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP |
| Method | GET |
| Parameter | messageId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/message/override?apikey=ZAP&channelId=ZAP&messageId=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: messageId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: apikey=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | apikey |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: apikey=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: channelId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: channelId=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | channelId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: channelId=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | payloadPreviewLength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: payloadPreviewLength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | payloadPreviewLength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: payloadPreviewLength=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | payloadPreviewLength |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: payloadPreviewLength=ZAP The user-controlled value was: zapapiformat |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [form] tag [name] attribute The user input found was: start=ZAP The user-controlled value was: zapform |
| URL | http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP |
| Method | GET |
| Parameter | start |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:3000/UI/websocket/view/messages/override?apikey=ZAP&channelId=ZAP&count=3&payloadPreviewLength=ZAP&start=ZAP appears to include user input in: a(n) [select] tag [id] attribute The user input found was: start=ZAP The user-controlled value was: zapapiformat |
| Instances | 4134 |
| Solution |
Validate all input and sanitize output before writing it to any HTML attributes.
|
| Reference | http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-html-attribute |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10031 |